Sep 4th, 2009, 05:46 AM
"remember me" w/o Acegi
I'm working on a project that doesn't use Spring Security / Acegi. The login is very basic, and it really doesn't make sense to invest the time to learn and add Spring Security at this point.
That said, we would like to add a "Remember Me" on the log in, if it can be done quickly and easily. Questions:
1. Does it make any sense to add the Remember Me without Spring Security?
2. Are there any good tutorials / guides on how to do this? I have very limited experience with Cookies.
3. Below are my thoughts on the easiest way to implement this - does it make sense?
Here are my thoughts on implementing: When "remember me" is checked and the user is logged on, store a cookie with the user id and some complicated hash of the password (don't want to store the password itself). Anytime we get a page visit from a non-logged in user, check to see if there is a cookie with username/pass hash, and, if so, log on the user. Does this seem like the easiest way?
Sep 6th, 2009, 02:21 PM